Security Alerts and Updates

  Latest Security Updates for Apple Software
•  AV Mac Security Test and Review 2019
•  AV Security Software Summary Report 2019

April, 2020  (Click listings for more information) .
09  Large email extortion campaign underway, DON’T PANIC!
09  3.6M+ users installed iOS fleeceware from Apple’s App Store.
08  New IoT botnet launches DDoS attacks, spreads malware.
08  Zoom removes meeting IDs from title bar to boost security.
08  Firefox now tells Mozilla what your default browser is.
08  Microsoft releases April Office updates with crash fixes.
07  Chrome 81 released with 32 security fixes and Web NFC API.
07  iOS 13.4.1 and iPadOS 13.4.1 are out with a fix for FaceTime.
07  Microsoft buys to prevent Windows account hijacking.
07  Firefox 75 released with Windows 10 performance improvements.
07  xHelper: The Russian nesting doll of Android malware.
07  FIN6 and TrickBot combine forces in ‘Anchor’ attacks.
06  Microsoft script installs Folding@Home in Windows 10’s Sandbox.
06  A brisk private trade in zero-days widens their use.
06  Microsoft releases PowerToys 0.16.1 with a few bug fixes.
06  Google rolling out patch for Pixel devices with Bluetooth fixes.
06  FBI warns of BEC scammers exploiting cloud email services.
06  Fake Zoom installers being used to distribute malware.
05  John Opdenakker’s Weekly Security Newsletter.
05  This Week in Security – by Zack Whittaker.
05  Patch Lady – are you safe online?
04  12k+ hidden backdoor-like behavior found in Android apps.
04  Zoom turns on waiting rooms by default to prevent “zoombombing”.
04  Windows PCs exposed to attacks by HP Support Assistant bugs.
03  Discord turned into an account stealer by updated malware.
03  Mozilla patches two actively exploited Firefox zero-days.
03  Emotet took down a network by overheating all computers.
03  Zoom’s web client is down, users report 403 Forbidden errors.
02  Google squashes high-severity flaws in Chrome browser.
02  IRS warns of surge in economic stimulus payment scams.
02  FBI warns of attacks on remote work, distance learning platforms.
02  44M digital wallet items exposed in Key Ring cloud misconfig.
02  Office 365 phishing uses CSS tricks to bypass Email Gateways.
01  Coronavirus-themed malware destroys users’ computers.
01  Mitigate the Windows Font Parsing zero-day bug via GPO.
01  Cloudflare launches a DNS-based parental control service.
01  Cloudflare is bringing WARP to macOS and Windows.
01  OneDrive for Android updated, Pixel 4’s face unlock supported.
01  Get the March Windows and Office patches installed.

March, 2020  (Click listings for more information) .
31  How to secure your Zoom meetings from Zoom-bombing attacks.
31  Microsoft updates Windows 10 PowerToys with new utilities.
31  Microsoft delays disabling insecure TLS in browsers until July.
31  WinRAR 5.90 Final released for Windows, Mac, Linux, & Android.
31  Windows 10 builds 18363.753 & 17763.1132 released with VPN fix.
31  Microsoft resumes Edge updates with Edge 81 next week.
31  VelvetSweatshop bug resurrected in LimeRAT campaign.
31  Marriott reports data breach affecting up to 5.2 million guests.
31  Cloudflare’s DNS passes privacy audit, some issues found.
30  Windows 10 KB4554364 fixes Internet connectivity issues.
30  Banking malware spreads via COVID-19 relief payment phishing.
30  Microsoft Edge to warn of credentials leaked in data breaches.
30  Hackers take advantage of Zoom’s popularity to push malware.
30  Microsoft rebrands Office 365, adds more new features.
29  John Opdenakker’s Weekly Security Newsletter.
29  This Week in Security – by Zack Whittaker.
29  Phishing malware attack says you’re exposed to Coronavirus.
27  The Week in Ransomware – Don’t Attack Hospitals!
27  Apple unpatched VPN bypass bug impacts iOS 13.
27  Windows proxy bug knocks out some internet connections.
27  Actively exploited Windows font parsing bugs get temporary fix.
26  New Windows 10 bug causes Internet connectivity issues.
26  Google resumes Chrome releases on an adjusted schedule.
26  Firefox 76 will password protect all your saved passwords.
25  Tupperware site hacked & infected with payment card skimmer.
25  Reported problem with the Windows Defender “Unexpected error”.
25  Microsoft fixes Windows Defender scan bug with new update.
25  US Government sites give bad security advice.
24  Apple blocks third-party cookies in Safari.
24  Windows 10 optional cumulative update KB4541335 released.
24  Android lets advertisers get a list of all your apps.
24  Adobe fixes critical vulnerability in Creative Cloud Application.
24  Apple releases iOS 13.4, macOS 10.15.4, watchOS 6.2, & tvOS 13.4.
24  Tekya malware threatens millions of Android users.
24  Microsoft is pausing optional Windows 10 updates in May.
23  Windows Defender fix for Windows 10: enable network scanning.
23  Hackers hijack routers’ DNS to spread malicious COVID-19 apps.
23  Microsoft warns of hackers exploiting unpatched Windows bugs.
23 open redirect used by Coronavirus phishing to infect.
22  Windows Defender bug in Windows 10 skips files during scans.
22  John Opdenakker’s Weekly Security Newsletter.
22  This Week in Security – by Zack Whittaker.
21  Microsoft pauses new Edge browser versions due to Coronavirus.
20  FBI warning: phishing emails push fake govt stimulus checks.
20  Firefox reenables insecure TLS to improve access to COVID19 info.
20  New Mirai variant ‘Mukashi’ targets Zyxel NAS devices.
19  Google Releases Security Updates for Chrome.
19  WHO chief impersonated in phishing to deliver malware.
19  Microsoft delays Win10 1709 end of service due to pandemic.
19  Info-stealing malware spread by Folding@home phishing.
19  Critical RCE bug in Windows 7 and Server 2008 gets micropatch.
18  Firefox to remove support for the FTP protocol.
18  Google prioritizes security updates after halting Chrome releases.
18  Trickbot malware uses Coronavirus news to evade detection.
17  Adobe fixes nine critical vulnerabilities in Reader, Acrobat.
17  Two Trend Micro zero-days exploited in the wild by hackers.
17  US Commerce Dept shares tips on securing virtual meetings.
17  Windows 10 Secured-core PCs can block driver-abusing malware.
17  Microsoft releases Windows 10 builds 17763.1131, 17134.1399.
16  Malicious COVID-19 tracking app for Android locks users out.
16  Intel CPUs vulnerable to new ‘Snoop’ attack.
16  Win10 KB4551762 security update fails to install, causes issues.
15  Folding@Home now has 23 Coronavirus projects, donate CPU.
15  John Opdenakker’s Weekly Security Newsletter.
15  This Week in Security – by Zack Whittaker.
15  Patch Lady – after .NET I get this?
14  The Week in Ransomware – Stay Safe.
14  List of free software & services during Coronavirus outbreak.
14  Research finds Microsoft Edge has privacy-invading telemetry.
14  Reports of problems with the 2nd Win10 cumulative update.
13  The SMBv3 security hole doesn’t pose an immediate threat.
13  US Govt shares tips on securing VPNs used by remote workers.
13  Microsoft unveils Windows 10 automatic driver update plan.
12  CoronaVirus ransomware acts as cover for Kpot infostealer.
12  Microsoft releases security update for SMBv3 vulnerability.
12  Live Coronavirus Map Used to Spread Malware.
12  Tails 4.4 has been released with new Tor Browser version.
11  Avast disables JavaScript in its antivirus following major bug.
11  Chrome gets ‘Default to Guest’ mode for stateless browsing.
11  Windows Registry helps find malicious docs behind infections.
11  Intel patches security flaws in Windows graphics drivers.
11  Microsoft releases the March security updates for Office.
11  Disappearing SMBv3 patch, non-security Office patches.
10  Microsoft Patch Tuesday, March 2020 Edition.
10  Patch Tuesday: Here’s what’s new for Windows 7 & 8.1.
10  Windows 10 Update KB4540673 & KB4538461 Released.
10  Initial impressions of Patch Tuesday, March 2020.
10  Firefox 74 is out: Here are the key changes and features.
10  Malware unfazed by Chrome’s password, cookie encryption.
09  Google Play Protect miserably fails Android protection tests.
09  We’re in uncharted territory. Get Automatic Updates paused.
08  John Opdenakker’s Weekly Security Newsletter.
08  This Week in Security – by Zack Whittaker.
08  No, Microsoft hasn’t issued a “Windows 10 update warning”.
07  Google Authenticator lets other apps take screenshots of its code.
07  Data-stealing FormBook malware preys on Coronavirus fears.
07  AMD processors from 2011 to 2019 vulnerable to 2 new attacks.
06  The Week in Ransomware – Breaches Everywhere.
06  US Govt tips to defend against Coronavirus cyber scams.
06  Win10 KB4535996 update issues: crashes, slowdowns, more.
06  Emotet using upgraded WiFi spreader to infect victims.
05  Microsoft issues fix for blocked Windows 10 drivers.
05  T-Mobile breach exposes customer’s personal, financial info.
05  DuckDuckGo has announced the availability of Tracker Radar.
05  Intel CSME bug is worse than previously thought.
04  J.Crew disables user accounts after credential stuffing attack.
04  Critical Netgear bug impacts flagship Nighthawk router.
04  Microsoft OneNote used to sidestep phishing detection.
04  ProtonMail to come pre-loaded on HTC Exodus & Exodus 1s.
03  The Case for Limiting Your Browser Extensions.
03  Google pulls March security update for AT&T Pixel 4 users.
03  Microsoft releases Office updates with fixes, improvements.
03  UK NCSC releases tips on securing smart security cameras.
03  MediaTek bug affects millions of Android devices.
02  Windows 10 Y3K bug: won’t install after January 18, 3001.
02  Apple agrees to pay millions in settlement for slowing iPhones.
02  Brave deemed most private browser, Edge & Yandex least.
01  Ready to try out a Chromebook? Get a head start.
01  John Opdenakker’s Weekly Security Newsletter.
01  This Week in Security – by Zack Whittaker.
01  How to pause Windows 10 updates to avoid critical bugs.
01  Walgreens says mobile app leaked users’ personal data.
01  5 things to do before selling your Android phone.
01  National Consumer Protection Week.

February, 2020  (Click listings for more information) .
29  Hiding Windows file extensions is a security risk, enable now.
29  Chrome & Firefox extension lets you view deleted web pages.
28  The Week in Ransomware – Data Leaks Everywhere.
28  Now’s a good time to install the February patches.
28  NVIDIA fixes severe flaw in Windows GPU display driver.
28  AMD Radeon driver lands with fixes for RX 5000 series bugs.
28  Wireless carriers to be fined for selling customer location data.
27  Windows 10 KB4535996 update fixes Search, printing issues.
27  Microsoft Edge lets you block potentially unwanted programs.
27  As Coronavirus spreads, so does Covid-19 themed malware.
27  Android malware can bypass 2FA, unlock devices remotely.
27  Norton LifeLock phishing scam installs remote access Trojan.
26  Gmail bug makes it harder to empty Trash and Spam folders.
26  Credit card skimmer uses fake CDNs to evade detection.
26  February patches bring fire and ice but seem to have settled.
26  Samsung Galaxy S20 comes with a dedicated security chip.
26  Bug in Broadcom, Cypress WiFi chips leaks sensitive info.
26  Security flaws open connected vacuum to takeover.
26  Gmail adds deep learning to block malicious Office documents.
26  Sniffers steal payment card data from print store customers.
26  Zyxel 0day Affects its Firewall Products, Too.
25  Google patches Chrome zero-day that is being exploited.
25  Microsoft releases Windows 10 builds 17763.1075, 17134.1345.
25  uBlock Origin for Firefox blocks cloaked first-party scripts.
25  Firefox DNS over HTTPS rollout begins in the U.S.
25  Credit card skimmer running on 13 sites, despite notification.
24  PayPal accounts are abused for unauthorized payments.
24  Mozart malware gets commands, hides traffic using DNS.
24  Zyxel Fixes 0day in Network Storage Devices.
24  Racoon malware steals your data from nearly 60 apps.
24  Windows 10 gets temp patch for flaw fixed in buggy update.
23  Windows 10 privacy guide: settings everyone should use.
23  John Opdenakker’s Weekly Security Newsletter.
23  This Week in Security – by Zack Whittaker.
23  Privacy concerns raised over new Google Chrome feature.
21  Patch Lady – not every side effect is widespread.
21  Slickwraps data breach exposes financial and customer info.
21  Win10 1903 & 1909 customers should check Pause Updates.
21  Android malware still fools Google’s defense, new clicker found.
20  600 Android apps removed in Play Store adware crackdown.
20  FTC refunds victims of Office Depot tech support scam.
20  WhatsApp phishing URLs skyrocket with over 13,000% surge.
20  Credit card skimmer found on 9 sites, researchers ignored.
20  Hackers share 10M+ MGM Resorts guest database records.
20  The mess behind Microsoft’s yanked UEFI patch KB 4524244.
19  Microsoft rolls out new Windows 10 optional update choice.
19  Windows 10 KB4532693 update bug deletes user files.
19  SMS attack spreads Emotet, steals bank credentials.
19  Latest tax scams target apps and tax-prep websites.
18  Still running Win10 v1809 or earlier? Watch out for KB 4023057!
18  .NET Core non-security updates 2.1.16, 3.0.3, and 3.1.2 are out.
18  Ring forces 2FA on all users to secure cameras from hackers.
18  Firefox 73.0.1 released with fixes for Linux, Windows crashes.
18  AZORult malware infects victims via fake ProtonVPN installer.
18  Lenovo, HP, Dell peripherals face unpatched firmware bugs.
17  Microsoft Surface Laptop 3 screens are spontaneously cracking.
17  Windows 10 users affected by shutdown bug, how to fix.
16  John Opdenakker’s Weekly Security Newsletter.
16  This Week in Security – by Zack Whittaker.
16  Windows 10X to feature faster updates, Win32 apps support.
15  Microsoft pulls KB 4524244 and KB 4502496 from the Catalog.
14  OpenSSH adds support for FIDO/U2F security keys.
14  There’s finally a way to remove Android malware xHelper.
14  Surface Book and Book 2 get a handful of driver updates.
14  The Week in Ransomware – Targeting MSPs.
14  IRS urges taxpayers to enable multi-factor authentication.
14  Mobile phishing campaign spoofs major banks websites.
14  Windows 10 update causes freezes, installation issues.
13  Trojan is being distributed through malicious spam campaigns.
13  Win10 1903 & 1909 update causing desktops to disappear.
13  Malicious Chrome extensions removed from the Web Store.
13  SweynTooth bug affects hundreds of Bluetooth products.
12  Windows 10 update bug hides user data, loads wrong profile.
12  Patch Tuesday “fixes” are out – by Woody Leonhard.
12  Microsoft releases Office updates with security fixes.
11  Amex, Chase fraud protection emails used as phishing lure.
11  Microsoft’s February Patch Tuesday fixes 99 flaws, IE 0day.
11  Win10 cumulative updates KB4532693 & KB4532691 released.
11  Here’s what’s new for Windows 8.1 this Patch Tuesday.
11  Adobe releases the February 2020 Security Updates.
11  Dashlane password manager removed from Chrome Web Store.
11  Firefox 73 released with security fixes, new DoH provider.
10  Dell SupportAssist bug exposes business, home PCs to attacks.
10  Active PayPal phishing scam targets SSNs, passport photos.
10  Patch Tuesday’s tomorrow, enable ‘Pause Updates’.
10  Fix is in place for most users for Windows 10 search issue.
09  This Week in Security – by Zack Whittaker.
08  The Week in Ransomware – Exploiting Drivers.
08  Lock My PC used by tech support scammers, dev offers fix.
08  Win10 1903/1909 patch KB 4532695 having a host of problems.
07  Microsoft releases Windows 7 update to fix wallpaper bug.
07  Windows 7 users can’t shut down their PCs, how to fix.
07  Microsoft releases Edge browser version 80 to general public.
07  Emotet hacks nearby Wi-Fi networks to spread to new victims.
07  Magecart gang attacks Olympic ticket reseller and others.
06  Google fixes security flaw in Android’s Bluetooth component.
06  Phishing attack disables Google Play Protect, drops Trojan.
06  Oscar nominated movies featured in phishing, malware attacks.
06  Wacom drawing tablets track every app you open.
06  BEC scammers’ interest in the real estate sector rises.
06  Philips smart light allowed hacking of devices on the network.
05  When Your Used Car is a Little Too ‘Mobile’.
05  Medicaid CCO vendor breach exposes health, personal info.
05  WhatsApp bug allows malicious code-injection, one-click RCE.
05  Windows 10 Search is broken and shows blank results.
04  Realtek fixes DLL hijacking flaw in HD audio driver for Windows.
04  Chrome 80 released with 56 security fixes, cookie changes.
04  Emotet gets ready for tax season with malicious W-9 forms.
04  Two critical Android bugs get patched in February update.
04  Medtronic patches implanted device, CareLink programmer bugs.
04  Google bug sent private Google Photos videos to other users.
04  Windows 10 botched update causes internet & sound issues.
03  Google cuts Chrome ‘patch gap’ in half, from 33 to 15 days.
03  New EmoCheck tool checks if you’re infected with Emotet.
03  Twitter fixed flaw exploited to match phone numbers to accounts.
02  John Opdenakker’s Weekly Security Newsletter.
02  This Week in Security – by Zack Whittaker.
02  Patch Lady – don’t install optional updates.
02  Pirated software is all fun and games until your data’s stolen.
01  Firefox shows what telemetry data it’s collecting about you.
01  Spamhaus phishing scam warns you’re on an email block list.
01  Coronavirus phishing attacks are actively targeting the US.
01  Win10 version 1909 File Explorer search box still buggy.